← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
InstallFix: How attackers are weaponizing malvertized install guides
WHITE Tr1sa111 2026-03-09 Modified: 2026-03-09
26
IOCs
MEDIUM VOLUME
social engineeringgoogle adsclaude codeinstallfixmalvertisingamatera stealer
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Amatera Stealer
Indicators of Compromise (26)
All FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 8d2d275360adedecfbbd91567daddeed80d20aceb8aa4320d06a21486493945b 2026-03-09
URL http://contatoplus.com/curl/8d2d275360adedecfbbd91567daddeed80d20aceb8aa4320d06a21486493945b 2026-03-09
URL http://saramoftah.com/curl/958ca005af6a71be22cfcd5de82ebf5c8b809b7ee28999b6ed38bfe5d19420 2026-03-09
URL https://claude.update-version.com/claude 2026-03-09
URL https://saramoftah.com/n8n/update 2026-03-09
URL https://some.website 2026-03-09
domain claude-code-macos.com 2026-03-09
domain contatoplus.com 2026-03-09
domain sarahmoftah.com 2026-03-09
domain saramoftah.com 2026-03-09
domain some.website 2026-03-09
hostname claude.update-version.com 2026-03-09
domain claude-code-macos.com 2026-03-09
hostname asdasdasdadsvvvvv.pages.dev 2026-03-09
hostname cladueall.pages.dev 2026-03-09
hostname claud-code.pages.dev 2026-03-09
hostname claude-code-docs-dvlr2jpuuw.edgeone.app 2026-03-09
hostname claude-code-docs-site.pages.dev 2026-03-09
hostname claude-code-install.squarespace.com 2026-03-09
hostname claudecode-developers.squarespace.com 2026-03-09
hostname claulastver.squarespace.com 2026-03-09
hostname nnnnnnnnnnnnnnnnnnnnn.pages.dev 2026-03-09
hostname vdsafsaf.it.com 2026-03-09
hostname myclauda.it.com 2026-03-09
hostname jhgyuifyfiguohi.pages.dev 2026-03-09
hostname hgjbulk.pages.dev 2026-03-09
References (1)
↗ https://pushsecurity.com/blog/installfix/